WordPress has just put out a security release and we recommend all our clients using WordPress have their websites upgrades.
WordPress 4.7.5 Security and Maintenance Release (wordpress.org)
WordPress 4.7.5 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.7.4 and earlier are affected by six security issues:
- Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing.
- Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas.
- Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team.
- A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster.
- A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing.
- A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team.
Since there are some cross-site scripting vulnerabilities, this upgrade should be done.
Our Website Maintenance Department will be in contact with you regarding these upgrades. Clients that have signed up for our Automatic WordPress Update Program or Website Care program will get their website updated in the next week or so or if a follow-up version of WordPress is released.
View the complete list of WordPress versions here.
Read more about why WordPress updates are important.
If you haven’t heard about our Website Care program, then you’re missing out on savings and peace of mind!
There are different levels to choose from but with each level, you get your installation of WordPress checked weekly for updates to the core software, plugins and themes. The benefit is that your website software is kept up to date. This work is done by hand and we test your website after the upgrade to make sure everything works like it should.
The program is either by monthly subscription or you can save 10% and pay for a year in advance. When you use this program you save about 40% on updating WordPress. It’s kind of a no-brainer!
Sleep better knowing that your website is being taken care of when you enroll in our Website Care program today!